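# Controller for user accounts: a paginated listing, a profile update that
# must be confirmed with the account's current password, and deletion.
class UsersController < ApplicationController

  # Only index and destroy pass through admin_check. update is not covered by
  # this filter; its gate is the current-password check inside the action.
  before_filter :admin_check, only: [:index, :destroy]

  # Renders one page of users (20 per page), selected by params[:page].
  # Responds to HTML only.
  def index
    @users = User.paginate(
      page: params[:page],
      per_page: 20,
    )

    respond_to do |format|
      format.html
    end
  end

  # Updates the user identified by params[:id] with the attributes in
  # params[:user], but only when params[:current_password] matches the
  # record's password. Redirects to root_path on success and back to the
  # referring page on any failure.
  #
  # NOTE(review): nothing visible in this controller ties params[:id] to
  # current_user, so the password confirmation is the only thing standing
  # between a request and another account's record. Confirm that
  # authentication is enforced upstream and consider scoping the lookup to
  # the signed-in user (or an admin).
  #
  # NOTE(review): the attributes are passed to update_attributes as received.
  # Unless the User model restricts mass assignment, privileged fields (the
  # model answers to admin?, so presumably an admin flag exists) could be set
  # from the request. Verify against the model.
  def update
    @user = User.find params[:id]
    attributes = submitted_user_attributes

    respond_to do |format|
      if attributes && current_password_confirmed?(@user) && @user.update_attributes(attributes)
        format.html { redirect_to root_path, notice: "Edit successfully"}
      else
        format.html { redirect_to :back, notice: "Edit failed"}
      end
    end
  end

  # Deletes the user identified by params[:id] and redirects to the user
  # listing. Reached only after admin_check has passed.
  def destroy
    @user = User.find params[:id]
    @user.destroy

    respond_to do |format|
      format.html { redirect_to users_url }
    end
  end

  protected

  # Filter for admin-only actions: sets a "no permission" flash and redirects
  # to books_path unless the signed-in user is an admin. The redirect halts
  # the filter chain, so the action itself does not run.
  def admin_check
    # Guard against a missing current_user so an unauthenticated request is
    # turned away here instead of raising NoMethodError on nil.
    unless current_user && current_user.admin?
      flash[:notice] = t('errors.messages.no_permission')
      redirect_to books_path
    end
  end

  # True only when a non-empty current_password string was submitted and it
  # equals the user's password.
  #
  # The presence check matters: without it a request that omits
  # current_password compares nil == nil and passes whenever user.password is
  # nil (for example when password is a virtual attribute that is not
  # populated on a record loaded from the database).
  #
  # NOTE(review): comparing against user.password with == implies either
  # clear-text storage or a virtual attribute; confirm against the User
  # model. If the model uses has_secure_password, its authenticate method is
  # the usual check here.
  def current_password_confirmed?(user)
    supplied = params[:current_password]
    return false unless supplied.is_a?(String) && !supplied.empty?

    supplied == user.password
  end

  # Returns params[:user] without the :current_password key, or nil when
  # params[:user] is missing or not hash-like, so that a malformed request is
  # reported as a failed edit instead of raising.
  def submitted_user_attributes
    submitted = params[:user]
    return nil unless submitted.respond_to?(:except)

    submitted.except(:current_password)
  end

end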
